support comma seperated kinds

main.go

@@ -2,7 +2,6 @@ package main
 
 import (
 	"flag"
-	"strings"
 
 	"github.com/golang/glog"
 	"github.com/nirmata/kyverno/pkg/config"
@@ -18,7 +17,7 @@ import (
 var (
 	kubeconfig    string
 	serverIP      string
-	filterK8Kinds arrayFlags
+	filterK8Kinds webhooks.ArrayFlags
 )
 
 func main() {
@@ -52,7 +51,6 @@ func main() {
 	if err != nil {
 		glog.Fatalf("Failed to initialize TLS key/certificate pair: %v\n", err)
 	}
-
 	server, err := webhooks.NewWebhookServer(client, tlsPair, policyInformerFactory, filterK8Kinds)
 	if err != nil {
 		glog.Fatalf("Unable to create webhook server: %v\n", err)
@@ -82,24 +80,10 @@ func main() {
 	policyController.Stop()
 }
 
-type arrayFlags []string
-
-func (i *arrayFlags) String() string {
-	var sb strings.Builder
-	for _, str := range *i {
-		sb.WriteString(str)
-	}
-	return sb.String()
-}
-
-func (i *arrayFlags) Set(value string) error {
-	*i = append(*i, value)
-	return nil
-}
 func init() {
 	flag.StringVar(&kubeconfig, "kubeconfig", "", "Path to a kubeconfig. Only required if out-of-cluster.")
 	flag.StringVar(&serverIP, "serverIP", "", "IP address where Kyverno controller runs. Only required if out-of-cluster.")
-	flag.Var(&filterK8Kinds, "filterKind", "k8 kinds where polcies are not to be applied on")
+	flag.Var(&filterK8Kinds, "filterKind", "k8 kind where policy is not evaluated by the admission webhook. example --filterKind \"Event\" --filterKind \"TokenReview,ClusterRole\"")
 	config.LogDefaultFlags()
 	flag.Parse()
 }

pkg/webhooks/server.go

@@ -54,9 +54,8 @@ func NewWebhookServer(
 	ws := &WebhookServer{
 		client:       client,
 		policyLister: shareInformer.GetLister(),
-		filterKinds:  filterKinds,
+		filterKinds:  parseKinds(filterKinds),
 	}
-
 	mux := http.NewServeMux()
 	mux.HandleFunc(config.MutatingWebhookServicePath, ws.serve)
 	mux.HandleFunc(config.ValidatingWebhookServicePath, ws.serve)
@@ -82,7 +81,7 @@ func (ws *WebhookServer) serve(w http.ResponseWriter, r *http.Request) {
 	admissionReview.Response = &v1beta1.AdmissionResponse{
 		Allowed: true,
 	}
-	if !stringInSlice(admissionReview.Request.Kind.Kind, ws.filterKinds) {
+	if !StringInSlice(admissionReview.Request.Kind.Kind, ws.filterKinds) {
 
 		switch r.URL.Path {
 		case config.MutatingWebhookServicePath:
@@ -107,15 +106,6 @@ func (ws *WebhookServer) serve(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
-func stringInSlice(kind string, list []string) bool {
-	for _, b := range list {
-		if b == kind {
-			return true
-		}
-	}
-	return false
-}
-
 // RunAsync TLS server in separate thread and returns control immediately
 func (ws *WebhookServer) RunAsync() {
 	go func(ws *WebhookServer) {

pkg/webhooks/utils.go

@@ -0,0 +1,45 @@
+package webhooks
+
+import (
+	"strings"
+)
+
+//StringInSlice checks if string is present in slice of strings
+func StringInSlice(kind string, list []string) bool {
+	for _, b := range list {
+		if b == kind {
+			return true
+		}
+	}
+	return false
+}
+
+//parseKinds parses the kinds if a single string contains comma seperated kinds
+// {"1,2,3","4","5"} => {"1","2","3","4","5"}
+func parseKinds(list []string) []string {
+	kinds := []string{}
+	for _, k := range list {
+		args := strings.Split(k, ",")
+		for _, arg := range args {
+			if arg != "" {
+				kinds = append(kinds, strings.TrimSpace(arg))
+			}
+		}
+	}
+	return kinds
+}
+
+type ArrayFlags []string
+
+func (i *ArrayFlags) String() string {
+	var sb strings.Builder
+	for _, str := range *i {
+		sb.WriteString(str)
+	}
+	return sb.String()
+}
+
+func (i *ArrayFlags) Set(value string) error {
+	*i = append(*i, value)
+	return nil
+}